Pauline Jakubiec, MS, CPHRM / Risk Management Consultant
The intended effect of utilizing hand-held devices and laptop computers is improved communication and streamlined work flow. However, you may be subjecting yourself to violations of the Health Insurance Portability and Accountability Act (HIPAA) in the process.
Unfortunately, privacy and security breaches continue to occur. Most are avoidable and result from human error. The majority stem from lost or stolen laptops or handheld devices (usually taken from a car), from sending email to the wrong person or party, and from emailing information through an unencrypted e-mail system. The penalties for these breaches have increased, and there are even larger fines for recurrences. Each violation can range from $100 to $50,000 (increased from a maximum of $25,000), up to a maximum of $1.5 million for repeat/identical occurrences within a calendar year, according to the Department of Health and Human Services.
Further, short message service (SMS) text messaging is also non-secure and does not meet HIPAA's safety and privacy requirements. These messages can be read by anyone with access to the handset, can be forwarded, remain unencrypted on telecommunication carriers' servers, and remain indefinitely on the sender's and receiver's phones.
Steps to reduce your risk may include the following:
- Utilize a device that has encryption software
- Utilize auto-lock for all phones. With this type of system, once the phone is set down, it will automatically lock after a few seconds and a passcode will be needed to regain access. This operates similarly to a computer at home or the office when automatic log-offs occur.
- Be sure that remote wiping is available if/when a phone is lost or stolen, so that it can be "wiped clean" remotely of any and all data, emails, and text messages.
- Utilize a HIPAA-compliant data center to store your data and applications securely in an off-site location with the appropriate technical, physical, and network security in place. With limited remote access, your data can be safely stored outside of your personal and portable devices, on servers that are managed and monitored by trained professionals, as suggested in "Compliant Hosting" (see reference below).
As practitioners move toward using text messaging in their daily routines, they must also consider implementing the appropriate privacy policies for their patients and office staff.
References: www.AMA-ASSN.org/ama/pub/physician-resources; "HIPAA Violation Enforcement".
Material posted on this website is for informational purposes only and does not constitute a legal opinion or medical advice. Contact your legal representative or medical professional for information specific to your legal or medical needs.